DETAILED ACTION

Response to Arguments 

1. Applicant argues that paragraph 67 "demonstrates to one skilled in the relevant art that 
the inventors had possession of the claimed invention because, as conveyed in a described 
embodiment, the firmware (which is typically persistent memory and OS-independent) is used to 
support authentication in pre-boot." This is not persuasive because paragraph 67 clearly states 
that the authentication credentials are retrieved "during pre-boot", and then passed to the 
operating system "upon load or in response to a port authentication request in block 502," which 
occurs post-boot (see Figure 5). 

2. Applicant argues, "authentication during the operating system runtime phase is not 
necessarily mutually exclusive of authentication of the network port prior to booting of the 
operating system." This argument is not persuasive because Applicant has claimed two 
completely different types of authentication for the same port. 

3. In response to applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

4. Applicant's arguments against the § 103 rejections are not persuasive because the factual 
inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are 
applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) have 
been fully set forth. 

5. Applicant argues, "the recitation of unpublished art does not properly and objectively 
resolve the level of skill of a person having ordinary skill in the relevant art at the time of the 
invention. . .the unpublished material is (instead) held to be in confidence by the USPTO." This 
argument is not persuasive because "Subject matter that is prior art under 35 USC 102 can be 
used to support a rejection under section 103." Ex parte Andresen, 212 USPQ 100, 102 (Bd. Pat. 
App. & Inter. 1981). 

6. Applicant's reliance on Ex parte Erlich is misplaced for the simple reason that none of 
the prior art references "postdate the claimed invention". 

Election/Restrictions 

7. This application contains claims 15-20, 25-30 drawn to an invention nonelected 
without traverse in the reply filed on 19 February 2008. A complete reply to the final rejection 
must include cancellation of nonelected claims or other appropriate action (37 CFR 1.144). See 
MPEP § 821.01. 

Claim Rejections - 35 USC § 112 

8. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

9. Claims 1-14, 21-24 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the written description requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably convey to one skilled in the relevant 
art that the inventor(s), at the time the application was filed, had possession of the claimed 
invention. The specification does not support network port authentication during the pre-boot 
phase as currently claimed. Applicant points to Figure 5 and the accompanying description for 
support. This section of the specification discloses that authentication credentials are 
retrieved/generated during the pre-boot phase, but the actual network port authentication does 
not occur until the operating system has actually booted and is running. Step 504 in Figure 5 
shows performing port authentication via operating system using authentication credentials 
during OS-runtime. Figure 5 clearly shows that the actual port authentication occurs after the OS 
has booted and run. 

10. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

11. Claims 1-14, 21-24 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

12. The claims require performing network port authentication during the pre-boot phase 
using authentication credentials that have yet to be received, which renders the claims indefinite 
because it is unclear how the authentication is performed using data that is not available for use. 
Subsequent claim limitations require booting, receiving credentials, and then performing 
authentication using received credentials. Therefore, for the purposes of examination the claims 
will be treated as having all operations occur after booting has occurred. 

13. Claim 4 requires the network port to be authenticated during the operating system 
runtime phase, which directly contradicts claim 1, which requires the network port to be 
authenticated prior to booting of the operating system. 

Claim Rejections - 35 USC § 103 



Application/Control Number: 10/607,678 Page 5 

Art Unit: 2432 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

15. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

16. Claims 1-4, 9-14, 21, 22, 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Roese, U.S. Publication 2004/0158735, in view of Buer, U.S. Publication No. 
2004/0250126. Referring to claims 1-4, 10-12, 21, 22, 24, Roese discloses 802.1x network 
authentication wherein an endpoint device is authenticated for network access to a specified port 
utilizing firmware functions (Figure 1 & [0015] & [0030]), which meets the limitation of loading 
port authentication firmware instructions in a supplicant system during a pre-boot phase, 
authenticating a network port hosted by an authenticator system to which the supplicant system 
is linked via execution of the port authentication firmware instructions on the supplicant system, 
wherein the network port is authenticated during the pre-boot phase, booting an operating system 
in the supplicant system, loading an operating system image into the supplicant system over a 
network that is accessed via the network port that is authenticated, the network port is 
authenticated during an operating system (OS) runtime phase, the media comprises a firmware 
storage device. Roese does not specify port authentication using an access/challenge scheme. 
Buer discloses port authentication using an access/challenge scheme that employs a transport 
layer security (TLS) challenge response in which authentication is determined based on 
credentials provided by the supplicant system, the TLS challenge response employs credentials 
stored in a Trusted Platform Module (TPM), and wherein the method further comprises 
retrieving the credentials from the TPM ([0022]-[0026]), which meets the limitation of passing 
the authentication credentials to the booted operating system, using the passed authentication 
credentials and the booted operating system to perform a port authentication process, the port is 
authenticated using an access/challenge scheme, the access/challenge scheme employs a 
Transport Layer Security (TLS) challenge response in which authentication is determined based 
on credentials provided by the supplicant system, the TLS challenge response employs 
credentials stored in a Trusted Platform Module (TPM), and wherein the method further 
comprises retrieving the credentials from the TPM. It would have been obvious to one of 
ordinary skill in the art at the time the invention was made for the authentication scheme of 
Roese to utilize the TPM and TLS protocol as described by Buer in order to allow direct 
communication with the network while circumventing the TCP/IP stack at the client machine as 
taught by Buer ([0024]-[0025]). 

Referring to claim 9, Roese discloses authentication using EAP over LANs ([0007] & 
[00028]). 

Referring to claim 13, Roese discloses a determination of whether a port is authenticated 
is made by an authentication server that is linked in communication with the authenticator 
system (Figure 1, 103). 

Referring to claim 14, Roese discloses a callable interface via which a port authentication 
process can be invoked ([0025]). 

17. Claims 5-8, 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over Roese, 
U.S. Publication 2004/0158735, in view of Buer, U.S. Publication No. 2004/0250126, and 
further in view of Cotichini, U.S. Patent No. 6,300,863. Referring to claims 5-8, 23, Roese does 
not disclose that the firmware utilizes hidden execution mode transparent to the operating 
system. Cotichini discloses a CompuTrace agent that is adapted to work under an SMM 
environment that is triggered in response to an SMI event (Col. 30, lines 6-22), which meets the 
limitation of network port authentication is performed by executing the port authentication 
firmware using a hidden execution mode that is transparent to an operating system running on 
the supplicant system during the OS-runtime phase, the hidden execution mode is a system 
management mode (SMM), the firmware instructions are embedded as one or more SMM 
handlers, asserting an SMI on a processor of the supplicant on a periodic basis, dispatching said 
one or more SMM handlers to handle the SMI via operations, determining if a network port 
needs to be authenticated, and in response, authenticating the network port. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to utilize a 
transparent agent similar to CompuTrace to perform authentication functions in Roese in order to 
provide independent transactions at regular intervals as taught by Cotichini (Col. 30, lines 6-9). 

Conclusion 

18. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

19. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BENJAMIN E. LANIER whose telephone number is (571)272-3805. 
The examiner can normally be reached on M-Th 7:00am-5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 